Mirror of https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/ https://git.shady.money/linux/atom?h=v6.3 2023-04-10T17:23:15Z 2023-04-10T17:23:15Z Sasha Finkelstein fnkl.kernel@gmail.com 2023-03-10T10:28:42Z urn:sha1:b76abe4648c1acc791a207e7c08d1719eb9f4ea8 This patch fixes an incorrect loop exit condition in code that replaces '/' symbols in the board name. There might also be a memory corruption issue here, but it is unlikely to be a real problem. Cc: <stable@vger.kernel.org> Signed-off-by: Sasha Finkelstein <fnkl.kernel@gmail.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> 2023-04-10T17:23:01Z Zheng Wang zyytlz.wz@163.com 2023-03-08T16:45:01Z urn:sha1:73f7b171b7c09139eb3c6a5677c200dc1be5f318 In btsdio_probe, the data->work is bound with btsdio_work. It will be started in btsdio_send_frame. If the btsdio_remove runs with a unfinished work, there may be a race condition that hdev is freed but used in btsdio_work. Fix it by canceling the work before do cleanup in btsdio_remove. Signed-off-by: Zheng Wang <zyytlz.wz@163.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> 2023-03-23T20:09:38Z Zheng Wang zyytlz.wz@163.com 2023-03-09T08:07:39Z urn:sha1:1e9ac114c4428fdb7ff4635b45d4f46017e8916f In btsdio_probe, &data->work was bound with btsdio_work.In btsdio_send_frame, it was started by schedule_work. If we call btsdio_remove with an unfinished job, there may be a race condition and cause UAF bug on hdev. Fixes: ddbaf13e3609 ("[Bluetooth] Add generic driver for Bluetooth SDIO devices") Signed-off-by: Zheng Wang <zyytlz.wz@163.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> 2023-03-23T20:09:38Z Stephan Gerhold stephan.gerhold@kernkonzept.com 2023-03-08T13:31:55Z urn:sha1:5d44ab9e204200a78ad55cdf185aa2bb109b5950 On most devices using the btqcomsmd driver (e.g. the DragonBoard 410c and other devices based on the Qualcomm MSM8916/MSM8909/... SoCs) the Bluetooth firmware seems to become unresponsive for a while after setting the BD address. On recent kernel versions (at least 5.17+) this often causes timeouts for subsequent commands, e.g. the HCI reset sent by the Bluetooth core during initialization: Bluetooth: hci0: Opcode 0x c03 failed: -110 Unfortunately this behavior does not seem to be documented anywhere. Experimentation suggests that the minimum necessary delay to avoid the problem is ~150us. However, to be sure add a sleep for > 1ms in case it is a bit longer on other firmware versions. Older kernel versions are likely also affected, although perhaps with slightly different errors or less probability. Side effects can easily hide the issue in most cases, e.g. unrelated incoming interrupts that cause the necessary delay. Fixes: 1511cc750c3d ("Bluetooth: Introduce Qualcomm WCNSS SMD based HCI driver") Signed-off-by: Stephan Gerhold <stephan.gerhold@kernkonzept.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> 2023-03-23T20:09:26Z Kiran K kiran.k@intel.com 2023-03-08T07:58:37Z urn:sha1:902160cdb2bf4d23cd75f43ed0597ddf0134bb89 Older platforms and Virtual platforms which doesn't have support for bluetooth device in ACPI firmware will not have valid ACPI handle. Check for validity of handle before accessing. dmesg log from simics environment (virtual platform): BUG: unable to handle kernel NULL pointer dereference at 0000000000000018 IP: acpi_ns_walk_namespace+0x5c/0x278 PGD 0 P4D 0 Oops: 0000 [#1] SMP PTI Modules linked in: bnep intel_powerclamp coretemp kvm_intel kvm irqbypass intel_cstate input_leds joydev serio_raw mac_hid btusb(OE) btintel(OE) bluetooth(OE) lpc_ich compat(OE) ecdh_generic i7core_edac i5500_temp shpchp binfmt_misc sch_fq_codel parport_pc ppdev lp parport ip_tables x_tables autofs4 hid_generic usbhid hid e1000e psmouse ahci pata_acpi libahci ptp pps_core floppy CPU: 0 PID: 35 Comm: kworker/u3:0 Tainted: G OE 4.15.0-140-generic #144-Ubuntu Hardware name: Simics Simics, BIOS Simics 01/01/2011 Workqueue: hci0 hci_power_on [bluetooth] RIP: 0010:acpi_ns_walk_namespace+0x5c/0x278 RSP: 0000:ffffaa9c0049bba8 EFLAGS: 00010246 RAX: 0000000000000001 RBX: 0000000000001001 RCX: 0000000000000010 RDX: ffffffff92ea7e27 RSI: ffffffff92ea7e10 RDI: 00000000000000c8 RBP: ffffaa9c0049bbf8 R08: 0000000000000000 R09: ffffffffc05b39d0 R10: 0000000000000000 R11: 0000000000000001 R12: 0000000000000001 R13: 0000000000000000 R14: ffffffffc05b39d0 R15: ffffaa9c0049bc70 FS: 0000000000000000(0000) GS:ffff8be73fc00000(0000) knlGS:0000000000000000 CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 CR2: 0000000000000018 CR3: 0000000075f0e000 CR4: 00000000000006f0 Fixes: 294d749b5df5 ("Bluetooth: btintel: Iterate only bluetooth device ACPI entries") Signed-off-by: Kiran K <kiran.k@intel.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> 2023-03-22T23:05:55Z Kiran K kiran.k@intel.com 2023-02-28T11:01:54Z urn:sha1:294d749b5df5a22d17989833fb1a0a2cd1dfd243 Current flow interates over entire ACPI table entries looking for Bluetooth Per Platform Antenna Gain(PPAG) entry. This patch iterates over ACPI entries relvant to Bluetooth device only. Fixes: c585a92b2f9c ("Bluetooth: btintel: Set Per Platform Antenna Gain(PPAG)") Signed-off-by: Kiran K <kiran.k@intel.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> 2023-03-22T23:05:55Z Luiz Augusto von Dentz luiz.von.dentz@intel.com 2023-02-24T23:54:31Z urn:sha1:efe375b716c1c1c9b52a816f5b933a95421020a2 This removes the code introduced by 14202eff214e1e941fefa0366d4c3bc4b1a0d500 as hci_recv_frame is now able to detect ACL packets that are in fact ISO packets. Fixes: 14202eff214e ("Bluetooth: btusb: Detect if an ACL packet is in fact an ISO packet") Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> 2023-02-09T22:20:04Z Seema Sreemantha seema.sreemantha@intel.com 2023-02-06T06:51:44Z urn:sha1:c585a92b2f9c624b0b62b2af1eb0ea6d11cb5cac Antenna gain is defined as the antenna’s ability to increase the Tx power in a given direction. Intel is certifying its products with fixed reference antenna peak gain values (3/5dBi). The feature takes into account the actual antenna gain, and increases output power values, which results in a performance improvement. After firmware download is completed, driver reads from ACPI table and configures PPAG as required. ACPI table entry for PPAG is defined as below. Name (PPAG, Package (0x02) { 0x00000001, Package (0x02) { 0x00000012, /* Bluetooth Domain */ 0x00000001 /* 1 - Enable PPAG, 0 - Disable PPAG */ } }) btmon log: < HCI Command: Intel Configure Per Platform Antenna Gain (0x3f|0x0219) plen 12 Mcc: 0x00000000 Selector: Enable Delta: 0x00000000 > HCI Event: Command Complete (0x0e) plen 4 Intel Configure Per Platform Antenna Gain (0x3f|0x0219) ncmd 1 Status: Success (0x00) Signed-off-by: Kiran K <kiran.k@intel.com> Signed-off-by: Seema Sreemantha <seema.sreemantha@intel.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> 2023-02-09T22:19:08Z Zhengping Jiang jiangzp@google.com 2023-02-02T17:47:01Z urn:sha1:03b0093f7b310493bc944a20f725228cfe0d3fea Bluetooth controller attached via the UART is handled by the serdev driver. Get the wakeup status from the device handle through serdev, instead of the parent path. Fixes: c1a74160eaf1 ("Bluetooth: hci_qca: Add device_may_wakeup support") Signed-off-by: Zhengping Jiang <jiangzp@google.com> Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com> 2023-02-09T22:17:23Z Luiz Augusto von Dentz luiz.von.dentz@intel.com 2023-01-05T23:58:04Z urn:sha1:fec2972a3155b3f6deb6fa8f06fcd645695d6b49 This fixes the following warnings: drivers/bluetooth/hci_qca.c:1014:26: warning: cast to restricted __le16 drivers/bluetooth/hci_qca.c:1028:37: warning: cast to restricted __le32 Signed-off-by: Luiz Augusto von Dentz <luiz.von.dentz@intel.com>